Digital trust is entering a new phase, and on March 15, 2026, a policy change will take effect that reshapes how organisations approach security.

In 2025, the CA/Browser Forum, a consortium of browser vendors and certificate authorities, approved revisions to public TLS standards, introducing a phased reduction in certificate lifespans to better address modern threats. After extensive industry-wide debate, the timeline is now clear, and the first milestone is upon us.

The first of several milestones will occur today, on March 15, where the maximum allowable lifetime of a publicly trusted TLS certificate will halve, from 398 days to 200 days, with the ultimate goal to reduce eightfold to 47 days in March 2029.

At its core, it reflects a simple truth:  trust degrades over time.  And with the advent of AI, this process has accelerated rapidly. Businesses evolve, infrastructure changes, assets are reassigned, and security threats become more sophisticated.

Expired certificates remain one of the most common and preventable causes of website outages and service disruptions. When certificates lapse, customers notice. Transactions fail, applications stop working, and trust erodes quickly.  At the same time, older certificates heighten security risk, creating opportunities for attackers to exploit overlooked weaknesses.

By shortening certificate lifespans, the industry increases the frequency of identity revalidation, which narrows the validity window and keeps certificate information aligned with current organisational and infrastructure details.

The change is significant, but the agreed timeline phases in the requirements, providing organisations with a defined period to plan and adjust.

The Transition to Ongoing Action

For businesses, today is when planning must turn into action. The halving of certificate validity from 398 days to 200 days effectively doubles renewal frequency. That alone may still be manageable using traditional approaches, but the subsequent reductions to 100 days and then 47 days accelerate the pace dramatically. What was once an annual, often manual administrative task will soon become a significant monthly operational process.

Manual tracking, email reminders, spreadsheets, and decentralised ownership may have been sufficient before today, but now such practices introduce significant risks in this new security landscape. Organisations need systems that automate the issuance, renewal, and deployment of certificates without manual intervention to keep up with shortening renewal cycles. This new normal also marks the transition towards ‘Intelligent Trust’ management, and the demands for clear visibility across all its certificates to avoid blind spots, close attack vectors, and maintain consistent policy compliance.

Businesses that act now will build organisational agility, gain powerful visibility across their security environments, strengthen key management practices, reduce operational burdens, and prepare for a rapidly accelerating future in which cryptographic standards evolve.

Smarter, Automated Certificate Management

As leaders in Intelligent Trust, DigiCert works directly with organisations navigating increasingly complexm certificate environments. According to Forrester’s Total Economic Impact™ study of the DigiCert ONE platform, enterprises that centralised and automated certificate lifecycle processes achieved measurable outcomes over a three-year period: a 312 % return on investment (ROI) and payback in under six months compared with legacy approaches.

Tools such as Trust Lifecycle Manager and CertCentral provide centralised visibility and automation for all certificate types. In the Forrester study, this automation helped organisations reclaim more than 200,000 hours of manual effort, save roughly $7.9 million in labour costs related to renewal activities, and reduce incident-related costs by about $2.8 million over three years by minimising outages and security lapses linked to manual processes.

Through “Intelligent Trust”, businesses gain greater agility with their certificate remediation and adoption, while simultaneously reducing the risk of business disruption. This, coupled with DigiCert’s local Australian DigiCert ONE instance, ensures businesses can meet both the trust and sovereignty considerations of today and prepare for the post-quantum future.

Shorter TLS certificate lifespans are becoming the industry baseline, and the CA/Browser Forum has set a clear roadmap for the transition. Organisations that invest in automation and lifecycle management now will be better positioned to meet each milestone with resilience and continuity rather than urgency.